remove unneeded permissions from lambda-scale-down.json

philips-labs · Feb 22, 2023 · 415bc8b · 415bc8b
1 parent 8947b17
commit 415bc8b
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 13 deletions.
diff --git a/modules/multi-runner/runners.tf b/modules/multi-runner/runners.tf
@@ -29,7 +29,7 @@ module "runners" {
   ami_filter                = each.value.runner_config.ami_filter
   ami_owners                = each.value.runner_config.ami_owners
   ami_id_ssm_parameter_name = each.value.runner_config.ami_id_ssm_parameter_name
-  ami_kms_key_arn     = each.value.runner_config.ami_kms_key_arn
+  ami_kms_key_arn           = each.value.runner_config.ami_kms_key_arn
 
   sqs_build_queue                      = { "arn" : each.value.arn }
   github_app_parameters                = local.github_app_parameters

diff --git a/modules/runners/policies/lambda-scale-down.json b/modules/runners/policies/lambda-scale-down.json
@@ -56,17 +56,6 @@
         "kms:Decrypt"
       ],
       "Resource": "${kms_key_arn}"
-%{ endif ~}
-%{ if ami_kms_key_arn != "" ~}
-    },
-    {
-      "Effect": "Allow",
-        "Action": [
-          "kms:DescribeKey",
-          "kms:ReEncrypt*",
-          "kms:Decrypt"
-        ],
-      "Resource": "${ami_kms_key_arn}"
 %{ endif ~}
     }
   ]

diff --git a/modules/runners/scale-down.tf b/modules/runners/scale-down.tf
@@ -85,7 +85,6 @@ resource "aws_iam_role_policy" "scale_down" {
     github_app_id_arn         = var.github_app_parameters.id.arn
     github_app_key_base64_arn = var.github_app_parameters.key_base64.arn
     kms_key_arn               = local.kms_key_arn
-    ami_kms_key_arn           = local.ami_kms_key_arn
   })
 }